
17 matches found

RedhatCVE
added 2026/01/07 9:27 a.m. | 4 views

CVE-2019-12047

Gridea v0.8.0 has an XSS vulnerability through which the Nodejs module can be called to achieve arbitrary code execution, as demonstrated by childprocess.exec and the "...

CVSS 6.1 | AI score 6.4 | EPSS 0.00427
Exploits: 1 | References: 1

EUVD
added 2025/10/07 12:30 a.m. | 1 view

EUVD-2019-3701

Malware in sbrugna...

CVSS 6.1 | AI score 6.3 | EPSS 0.00427
Exploits: 1 | References: 2

Tenable Nessus
added 2025/08/24 12:0 a.m. | 2 views

Linux Distros Unpatched Vulnerability : CVE-2016-10539

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - negotiator is an HTTP content negotiator for Node.js and is used by many modules and frameworks including Express and Koa. The header for Accept-Language, when...

CVSS 7.5 | AI score 7.2 | EPSS 0.00328
Exploits: 0 | References: 2

Tenable Nessus
added 2025/08/18 12:0 a.m. | 2 views

Linux Distros Unpatched Vulnerability : CVE-2019-14939

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - An issue was discovered in the mysql aka mysqljs module 2.17.1 for Node.js. The LOAD DATA LOCAL INFILE option is open by default. CVE-2019-14939 Note that Nessu...

CVSS 5.5 | AI score 5.6 | EPSS 0.00059
Exploits: 0 | References: 2

RedHat Linux
added 2025/06/11 2:7 p.m. | 10 views

Important: Red Hat Security Advisory: nodejs:20 security update

An update for the nodejs:20 module is now available for Red Hat Enterprise Linux 9.4 Extended Update Support. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is...

CVSS 7.5 | AI score 7.4 | EPSS 0.00302
Exploits: 0 | References: 2

SUSE CVE
added 2023/02/15 5:33 a.m. | 2 views

SUSE CVE-2013-7377

The codem-transcode module before 0.5.0 for Node.js, when ffprobe is enabled, allows remote attackers to execute arbitrary commands via a POST request to /probe...

CVSS 8.1 | AI score 7.8 | EPSS 0.01272
Exploits: 0 | References: 3

OSV
added 2022/07/14 3:15 p.m. | 1 view

DEBIAN-CVE-2022-32213

The llhttp parser v14.20.1, v16.17.1 and v18.9.1 in the http module in Node.js does not correctly parse and validate Transfer-Encoding headers and can lead to HTTP Request Smuggling HRS...

CVSS 6.5 | AI score 6.6 | EPSS 0.86318
Exploits: 1 | References: 1

OSV
added 2022/06/02 2:15 p.m. | 0 views

CVE-2021-34084

OS command injection vulnerability in Turistforeningen node-s3-uploader through 2.0.3 for Node.js allows attackers to execute arbitrary commands via the metadata function...

CVSS 9.8 | AI score 7.5
Exploits: 0 | References: 1

CNNVD
added 2022/02/09 12:0 a.m. | 1 view

Follow Redirects Information Disclosure Vulnerability

Follow Redirects is a Node.js module that automatically follows Https redirects. An information disclosure vulnerability exists in versions of Follow Redirects prior to 1.14.8, which stems from the exposure of sensitive information in NPM to unauthorized participants...

CVSS 5.9 | AI score 6.8 | EPSS 0.00069
Exploits: 0 | References: 23

OSV
added 2022/01/06 8:31 p.m. | 0 views

GHSA-QPW2-XCHM-655Q Out-of-Bounds read in stringstream

Versions less than 0.0.6 of the Node.js stringstream module are vulnerable to an out-of-bounds read because of allocation of uninitialized buffers when a number is passed in the input stream when using Node.js 4.x. WITHDRAWN This is a duplicate of GHSA-mf6x-7mm4-x2g7...

CVSS 6.5 | AI score 7.2 | EPSS 0.00528
Exploits: 1 | References: 5

Snyk
added 2021/02/23 6:1 p.m. | 1 view

Arbitrary Command Injection

Overview: killport is a Node.js module to kill any processes based on its port. Affected versions of this package are vulnerable to Arbitrary Command Injection. If attacker-controlled user input is given, it is possible for an attacker to execute arbitrary commands. This is due to use of the...

CVSS 8.8 | AI score 7.5 | EPSS 0.00759
Exploits: 1 | References: 2

Rockylinux
added 2020/11/03 12:31 p.m. | 10 views

new module: nodejs:14

An update is available for nodejs-nodemon, nodejs-packaging. This update affects Rocky Linux 8. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for each vulnerability from the CVE list This enhancement update adds the nodejs:14 module to...

AI score 1.8
Exploits: 0

RedHat Linux
added 2020/02/04 1:22 p.m. | 3 views

Low: Red Hat Enhancement Advisory: nodejs:12 enhancement update

An update for the nodejs:12 module is now available for Red Hat Enterprise Linux 8. The following packages have been upgraded to a later upstream version: nodejs 12.14.1. BZ1791067...

CVSS 8.1 | AI score 6.8 | EPSS 0.01227
Exploits: 0 | References: 1

NVD
added 2019/05/13 3:29 p.m. | 9 views

CVE-2019-12047

Gridea v0.8.0 has an XSS vulnerability through which the Nodejs module can be called to achieve arbitrary code execution, as demonstrated by childprocess.exec and the "img src= onerror='evalnew Buffer" substring...

CVSS 6.1 | AI score 6.3 | EPSS 0.00427
Exploits: 1 | References: 1

OSV
added 2019/05/13 3:29 p.m. | 10 views

CVE-2019-12047

Gridea v0.8.0 has an XSS vulnerability through which the Nodejs module can be called to achieve arbitrary code execution, as demonstrated by childprocess.exec and the "img src= onerror='evalnew Buffer" substring...

CVSS 6.1 | AI score 6.5
Exploits: 0 | References: 1

Prion
added 2019/05/13 3:29 p.m. | 13 views

Design/Logic Flaw

Gridea v0.8.0 has an XSS vulnerability through which the Nodejs module can be called to achieve arbitrary code execution, as demonstrated by childprocess.exec and the "img src= onerror='evalnew Buffer" substring...

CVSS 4.3 | AI score 6.2 | EPSS 0.00427
Exploits: 1 | References: 1 | Affected Software: 1

CNVD
added 2016/02/24 12:0 a.m. | 1 view

Drupal Nodejs Module Access Bypass Vulnerability

Drupal is a free, open-source content management system developed in the PHP language and maintained by the Drupal community. Node.js is one of the modules that provides real-time push updates. An access bypass vulnerability exists in the Drupal Nodejs module. This vulnerability allows attackers to...

AI score 6.9
Exploits: 0 | References: 1